Security News

Almost two weeks ago, the European Parliament took the step of objecting to the European Commission's decision to grant the UK data adequacy. The European Parliament's resolution will not block adequacy, but it nevertheless sends a significant political signal, particularly in the wake of two major court cases last week, which have found the UK's exemption of immigration from data protection laws to be unlawful and that UK mass surveillance laws violated privacy rights.

An astonishing data security blunder saw the personal data of Special Forces soldiers circulating around WhatsApp in a leaked British Army spreadsheet. The document, seen by The Register, contained details of all 1,182 British soldiers recently promoted from corporal to sergeant - including those in sensitive units such as the Special Air Service, Special Boat Service and the Special Reconnaissance Regiment.

Ignition Technology announced a partnership with Siemplify as its exclusive distributor to bring the leading independent provider of security orchestration, automation and response technology to a growing MSSP community across the UK. Siemplify is redefining security operations for MSSPs worldwide through its innovative platform that helps security teams manage their operations and respond to cyber threats with speed and precision. The Siemplify SOAR platform combines security orchestration, automation, and response with end-to-end security operations management to make analysts and security engineers more productive.

Surveillance laws permitting GCHQ to operate its Tempora dragnet mass surveillance system broke the law, the European Court of Human Rights has ruled. "The Court considers that, when viewed as a whole, the section 8(4) regime, despite its safeguards... did not contain sufficient 'end-to-end' safeguards to provide adequate and effective guarantees against arbitrariness and the risk of abuse," ruled the European Court of Human Rights's Grand Chamber.

The UK's Competition and Markets Authority has reached agreement with antivirus vendor McAfee that means some customers whose software subscription was automatically renewed will be able to get a refund. It's quite the slap on the wrist for McAfee, whose software tends to be bundled with a large number of devices sold in the UK. Customers who signed up with the company may not have understood the ins and outs of auto-renewal, hence the CMA action.

Prosecutions under the UK's Computer Misuse Act dropped by a fifth in 2020 even as conviction rates soared to 95 per cent during the year of the pandemic, new statistics have revealed. This week's conviction statistics also showed that the most common CMA crime taken to court was the offence of "Unauthorised access to computer material", accounting for 33 of the year's total of 45 prosecutions under the Act.

API security firm 42Crunch has raised $17 million in a Series A funding round led by Energy Impact Partners and joined by Adara Ventures. In 2019, Gartner stated, "By 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications." Its proposed solution was, "Use a Combination of API Management and Web Application Firewalls to Protect APIs, in Conjunction with Identity Infrastructure."

American Express has been fined 0.009 per cent of its annual profits by the Information Commissioner's Office after spamming people who opted out of its marketing emails with 4.1 million unwanted messages. "Between 1 June 2018 and 21 May 2019, 4,098,841 of those emails were marketing emails, designed to encourage customers to make purchases on their cards which would benefit Amex financially. It was a deliberate action for financial gain by the organisation. Amex also did not review its marketing model following customer complaints," said the ICO in a statement.

These recent advancements are enabling Sourcepoint to better serve its new and existing customers across Europe, the UK and North America. Rubash, Chief Privacy Counsel, has more than 15 years of legal and privacy experience, which will be integral to this foundationally important position at Sourcepoint.

The British government has vowed to create a legally binding cybersecurity framework for managed service providers - and if you want to tell gov. Targeted at managed service providers and firms outsourcing their digital infrastructure services alike, the review is described by the government as helping build evidence for "Additional government intervention" to force businesses into formally assessing cyber risks to their supply chains.